Symmetric encryption is no longer necessary, because all security services can be implemented with public-key cryptography. Moreover, in public key cryptography the operations for authentication and confidentiality are exactly the same.

Welcome to Crypto.SE! Could you be so kind to provide a link to where you got that quote from? Not a single search engine shows the related text mentioned anywhere but here at Crypto.SE. Or is that just something you came up with? In that case, using the "quote" styling is a bit confusing/misleading.
–
e-sushiJan 25 '14 at 5:04

1

I would like to see whoever wrote that use public key crypto to encrypt a 2TB hard disk filled with data
–
Richie FrameJan 25 '14 at 6:03

1

That's the end of my fledgling career then :(
–
figlesquidgeJan 25 '14 at 12:26

5 Answers
5

Symmetric encryption is also usually more efficient in key length. If you have n-bit key, the attacker needs about $\frac{1}{2} \cdot 2^n$ tries in average in the ideal key length efficiency. With AES (symmetric), you can get pretty close to this efficiency. On the other hand, with ECC (assymetric), you need to about double the key kength to achieve similar level of security.

There might be one more thing to consider – quantum computers. Symmetric encryption is usually pretty safe – attacker can do a bruteforce attack in $O(2^{n/2})$ using the Grover's algorithm. (Note that this attack is only probabilistic.) This can significantly weaken the encryption. However, you can efficiently defend yourself by using a large enough key. A key of doubled length is probably OK in general.

On the other hand, many asymmetric cipher rely on hardness of some problems (e.g. primes factorization, discrete logarithm, …) that can be efficiently done on a quantum computer using Shor's algorithm (which is also a probabilistic one - see complexity class BQP). Since the complexity of this algorithm is less than $O(n^3)$, you can't efficiently defend yourself using a longer key.

Well, there are some asymmetric ciphers that are believed to be QC-proof. One of most discussed is NTRU. These ciphers are relatively young at all, though.

Symmetric encryption is no longer necessary, because all security services can be implemented with public-key cryptography.

No. The speed of asymmetric encryption is prohibitive when it comes to encrypting more than a few hundred bits of data. This is why most protocols that implement encryption with asymmetric cryptography are hybrid, using asymmetric encryption to share a symmetric key and this symmetric key for the rest of the protocol. They are based on the following general principle:

generate material for a unique symmetric key;

use asymmetric cryptography to share this material and establish a symmetric key;

use this symmetric key to transfer large amounts of data.

Some typical examples:

In a two-participant communication protocol, use Diffie-Hellman to establish a secret that is known only to two participants, then use this secret as a symmetric key.

To encrypt a message with an public key, generate a random symmetric key, encrypt it with the public key, and encrypt the message with the symmetric key.

In addition, the operations of asymmetric cryptography tend to be slightly harder to implement correctly, and in contexts where this matter, significantly harder to implement without leaking information via side channels such as timing and power consumption.

Moreover, in public key cryptography the operations for authentication and confidentiality are exactly the same.

Not really. While some of the building blocks can be the same (for example, the core RSA operation), actual algorithms for authentication and confidentiality are different (for example, RSA requires different padding schemes).

Furthermore keys used for authentication and confidentiality often require different management policies. For example, encryption key typically need to remain usable in the last resort (so they should be backed up, even though there is a risk that the backup is stolen), to avoid losing encrypted data. On the other hand, authentication keys typically do not need to be available in the last resort as physical access can be used instead.

You might want to also mention that, while the RSA encryption algorithm has a similar signature algorithm, it is not generally the case that an encryption/signature algorithm has a very similar signature/encryption algorithm.
–
cpastJan 9 at 17:09

Symmetric encryption is no longer necessary, because all security services can be implemented with public-key cryptography.

I suppose that is true enough at a high level; if all you had was public key cryptography, you could do symmetric cryptography (if necessary, giving both sides copies of the private and the public keys); this would meet the security requirements against adversaries that don't have the keys.

On the other hand, this skips a rather important point about symmetric key cryptography; efficiency. Symmetric cryptography is thousands of times faster at encrypting and authenticating data. In practice, public key cryptography is almost never used alone; if you encrypt a message, the most common approach is to pick a random symmetric key, use that to encrypt the message, and then use your public key encryption method to encrypt the symmetic key. Similarly, if you sign a message, you generally use a symmetric cryptographical hash to summarize the message into a short hash, and then perform the signature operation on the hash. Yes, you could do everything using only public key primitives, but no one does.

Moreover, in public key cryptography the operations for authentication and confidentiality are exactly the same.

Nope; public key encryption does not provide any authentication (as anyone with the public key can generate the message), and signatures do not provide any confidentiality.

If I were to speculate what the author was thinking about, I would guess he was thinking about RSA; with RSA, the confidentiality (public key encryption) and the authentication (signature) method are distinct (the padding methods are different), but they do rhyme.

Moreover, in public key cryptography the operations for authentication and confidentiality are exactly the same.

Maybe in some algorithms implementations. Generally this can be considered as over generalization and misinterpretation.

Symmetric encryption is no longer necessary, because all security services can be implemented with public-key cryptography.

Strictly speaking the argument is correct. Symmetric encryption is not necessary. They are strictly used for performance and footprint reasons. (Similarly, modern communication networks are just optimization over using IP over Avian Carriers.)

Taking efficiency arguments aside, there is little that you cannot be done with public key cryptography.

However, opposite is true: symmetric cryptography does not provide replacement for asymmetric cryptography. (Consider e.g. signatures, where no full substitute exists.)

When using asymmetric (public key) cryptography, the vulnerabilities and attack vectors are somewhat different. Most notably, the most common public key algorithms are vulnerable to quantum computing and a few implementations have notable side-channel leaks.

Symmetric encryption is no longer necessary, because all security services can be implemented with public-key cryptography.

That's a strong claim which, in it's current state, lacks references and - even more important - proof. Fact is that it could theoretically be done, but practically there are explicit positive as well as negative implications to both symmetric and asymmetric encryption which each make them - for a good reason - perfect candidates for specific implementations only.

It's like saying "you don't need airplanes anymore... you can kayak all the way from Europe to the US." Now, could it theoretically be done? Sure. Does it make sense to forget all about airplanes then? No.

Moreover, in public key cryptography the operations for authentication and confidentiality are exactly the same.

That's incorrect, and makes me think that the person who you are quoting never really looked at the related algorithms to compare their inner workings and practical implementation potential. There are numerous ways where PKC and symmetric encryption differ - which is also reflected in their individual strengths and weaknesses.

Sure, currently the world wide web is all over asymmetric encryption thanks to the three-letter agency and stuff. But that doesn't mean symmetric encryption has lost one bit of importance. I would, for example, not want to encrypt my HDs using PKC - negative performance impacts and obviously more critical attack vectors merely mark two of many reasons why I personally would not even think about it.

All in all, I would surely like to see some references that support the quoted claims. As is,they're faulty and from my personal point of view - don't really make much sense either.